Identity Governance 101: Popular User Stories

What Is Identity Governance

In theory, identity governance refers to the policy-based centralized orchestration of user identity management and access control. In layman’s terms, this refers to managing different aspects of user accounts and how they access the resources offered. It’s believed that the concept of identity governance grew out of the Identity Governance Framework, a now-defunct project by the Liberty Group that aimed to standardize enterprise identity information usage.

That being said, there are some user stories that are identified and catered for in the WSO2 Identity Server, categorized under identity governance. I’m trying to talk about these stories one by one, hoping to have in-depth articles on each of them later.

Threat Modelling Tools Analysis 101 – OWASP THREAT DRAGON

Abstract 

An interconnected world with an increasing number of systems, products, and services relying on the availability, confidentiality, and integrity of sensitive information is vulnerable to attacks and incidents. Unfortunately, the threat landscape expands and new threats, threat agents, and attack vectors emerge at all times. Defending against these threats requires that organizations are aware of such threats and threat agents. Threat modeling can be used as part of security risk analysis to systematically iterate over possible threat scenarios.

The motivation for this research came from the constantly growing need to acquire better tools to tackle the broad and expanding threat landscape. One such tool, which helps categorize and systematically evaluate the security of a system, product, or service, is threat modeling.

What Is Taint Analysis and Why Should I Care?

He covered a wet, hacking cough with his hand, then pushed through the door of the ward. I reached the same door and hesitated. The Cougher had just tainted the door with his germs. If I touched it, I'd be tainted too.

These days we all know what germs are and how they're passed from person to person, and from hand to door to hand. The fact is that particularly in cold and flu season you have to regard every doorknob, and every elevator button as suspicious. You always wash your hands afterward, because you never know which doorknob is tainted with germs. You have to assume they all are.

Compliance as Code and Applied DevOps

Use compliance as code for faster deployments.

Compliance as code is an important form of applied DevOps. This idea resonates with enterprises, who often use DevOps to deploy applications that have a specific purpose. For example, banks use DevOps to deploy applications to help improve compliance and insurance companies want applications that they can derive insights from.

It is this use of DevOps to automate the delivery of purpose-driven applications that we call applied DevOps. As enterprises picked up velocity in software delivery with faster development and faster deployments, compliance was left behind, and waiting too long to incorporate compliance can undo many of the benefits of a faster delivery process. Organizations have started introducing security and compliance earlier in the software delivery process, making it part of the story from the very beginning rather than bolting it on as an afterthought at great cost.

The Four Most Common VPN Protocols Explained and Compared

When you hear about a massive data breach in the news, it usually involves a large company that has been targeted by cybercriminals. But some of the most dangerous attacks actually occur on a smaller scale because of the vulnerabilities in a single user's online accounts or devices.

At the individual level, the best decision you can make to protect your privacy is to invest in a reliable virtual private network (VPN) client. A VPN encrypts all data as it leaves your device, which means that if a hacker tries to intercept your web traffic, they will be unable to decode it.